U.S. District Judge Finds Cloud Music Storage Service Can Be Protected by Safe Harbor Provisions of the DMCA


On August 22, 2011, the Southern District of New York (Pauley, J.) issued an important opinion regarding the eligibility of cloud music storage services for safe harbor under the Digital Millennium Copyright Act (DMCA) in Capitol Records, Inc. v. MP3tunes, LLC (No. 07-Civ 9931). The Court held that to qualify for safe harbor, service providers that permit users to search for copyrighted works available for free download on the internet and to store those works in private cloud storage lockers must (1) keep track of the source of copyrighted works stored in user lockers; and (2) remove works from user lockers that were copied from a source identified as infringing by a copyright owner.

Analysis of the Opinion

MP3tunes offers a cloud music storage service that allows users to play song files they have uploaded to a private locker on any internet-enabled device. MP3tunes permits users to upload songs from their own hard drives, and also operates a search engine for song files available for free download on the internet. Users can copy songs indexed by the search engine to their lockers using software provided by MP3tunes and can also use an MP3tunes browser plug-in to copy other song files available on third-party websites to their lockers (the copying of files posted on the internet to user lockers is referred to as "sideloading"). MP3tunes keeps track of the sources of song files in user lockers, and MP3tunes' search engine adds song files accessed on third-party websites to its searchable index.

MP3tunes received a series of takedown notices identifying song titles and web addresses that allegedly infringed EMI's copyrights. EMI and its affiliates also provided a list of EMI artists, and demanded that MP3tunes remove all of EMI's copyrighted work. MP3tunes responded by removing links on its search engine to the web addresses identified, but did not remove song files sideloaded to user lockers from those addresses. EMI sued MP3tunes and its founder, Michael Robertson, for copyright infringement.

After both sides moved for summary judgment, the court first considered whether MP3tunes' activities were eligible for safe harbor under the DMCA. The court found that MP3tunes met the threshold requirement under section 512(i) of the DMCA of a "reasonably implemented" repeat infringer policy, because it had a procedure for removing allegedly infringing links, was not willfully blind to its users' activities and terminated the accounts of users that violated copyrights by sharing the content of their lockers with others. Because the purpose of section 512(i) was to deny safe harbor to services that tolerate "blatant infringers," and MP3tunes users who sideloaded content from third-party sites did not know whether the material they copied was infringing, the court concluded that MP3tunes met the section 512(i) threshold.

The court next considered whether MP3tunes complied with the EMI affiliates' takedown notices. The parties agreed that the eligibility requirements for safe harbor under both section 512(c) (which applies to the cloud storage service offered by MP3tunes) and section 512(d) (which applies to its search engine) were the same, and included expeditious takedown of infringing content following proper notice. Although the court found no duty to locate additional infringing work beyond that specifically identified in takedown notices, it concluded that MP3tunes was obligated to remove material from user lockers that it could trace back to an allegedly infringing source. The court held that "where service providers such as MP3tunes allow users to search for copyrighted works posted to the internet and to store those works in private accounts, to qualify for DMCA protection, those service providers must (1) keep track of the source and web address of stored copyrighted material, and (2) take content down when copyright owners identify the infringing sources in otherwise compliant notices." Accordingly, the court found that MP3tunes did not qualify for safe harbor protection for song files stored in user lockers that had been sideloaded from the unauthorized websites identified in takedown notices.

However, the court concluded that MP3tunes could claim safe harbor under the DMCA for all other material stored on its servers and linked to via its search engine. The court found that the EMI takedown notices did not give adequate notice of infringement beyond the files specifically identified, and that MP3tunes met the other statutory requirements for safe harbor: it lacked actual or "red flag" knowledge of additional infringement, and did not benefit from and control its users' infringing activity. The allegedly infringing files were located on popular file-sharing sites, like rapidshare.com, so the court found they lacked clear indicia of their infringing nature. The court further observed that EMI itself regularly distributes works on the internet for free in the interest of marketing, and declined to construe the terms "free," "mp3" or "file-sharing" as raising a red flag: "If investigation is required to determine whether material is infringing, then those facts and circumstances are not 'red flags.'"

Turning to the question of infringement, the court found that MP3tunes was contributorily liable for continuing to store material in user lockers that came from a source identified as infringing in takedown notices. EMI had provided proof of direct infringement, so the court considered whether MP3tunes (1) knew or should have known of the infringement; and (2) materially contributed to it. The court found the knowledge prong satisfied by the takedown notices and the materiality prong satisfied by the fact that MP3tunes continued to let users access works it knew had been downloaded without authorization. The court rejected MP3tunes' argument that it should not be found liable since its cloud storage service was capable of substantial noninfringing uses: "In cases where defendants are not found to have contributorily infringed because their products have substantial non-infringing uses, the defendants did not have an on-going relationship with the underlying infringers." Since MP3tunes knew of the specific infringement, and nevertheless permitted its users to access those works, it was secondarily liable for the infringement.

Finally, the court addressed peripheral issues, the most noteworthy of which involved MP3tunes' use of a standard algorithm that saved identical blocks of uploaded data only once on its servers—so that if multiple users uploaded the identical song, it would be saved in only one location. The court found that this practice did not amount to the creation of a "master copy" and did not violate EMI's public performance right.

Practical Considerations

Because the court relied on the difficulty of determining whether free file downloads are authorized in light of the fact that content owners like EMI themselves regularly offer promotional downloads, content owners should take care to limit their availability on third-party sites.  In fact, given the widespread adoption of streaming services—which offer an alternative marketing channel—content owners should consider ending the practice of promotion downloads altogether.

The case raises questions for cloud storage service providers about the appropriate measures for tracking the "source" of material uploaded to their services. Storage providers that also offer search capabilities should be prepared to account for how they track sources. Lastly, service providers will be heartened by the court's blessing of the use of standard algorithms to avoid file duplication on their servers.